Re: *** URGENT *** Vile viruses that are proving difficult to resolve.

I believe I have some sort of an infection on my XP SP3 computer. I have already run AdwCleaner and Malwarebytes and have the logs for those. Both found some stuff and managed to clean them up successfully as well. My question is: do I need to now continue running the remaining s/w, i.e. OTL and aswMBR?

Thanks

Nexar

Yes, please also run OTL and aswMBR.

Your Malwarebytes log says “no action taken”. Did you click the Remove Selected button after the scan?

Oops sorry… there is a log produced when it completes but before any action is taken. I’d saved that as well. I’m now attaching the one showing the removal/quarantining.

I am also attaching the OTL.txt and Extras.txt files from OTL.

However when I ran aswMBR.exe it ran for quite a while and then crashed. I haven’t tried to run it again.

Thanks for all your help.

> However when I ran aswMBR.exe it ran for quite a while and then crashed. I haven't tried to run it again.

Try running it from safe mode.

Sure I’ll give that a go. Please can you tell me what happens next.

Thanks

A removal expert is notified and will check the log… and then you follow whatever he says :wink:

That looks clean, are you experiencing any problems?

Ok I managed to get aswMBR.exe to run successfully and the log is attached. I haven’t tried anything as yet. Perhaps it’s best that you confirm that the last log is also clean and then I’ll restart the system and have a go to see what happens. Is that OK?

Thanks again for all your help.

Nexar

Too much haste little speed. Last log attached this time. Sorry

Give the computer a good workout and if all is well I will remove the tools and tidy up.

Thanks again. However it will have to be tomorrow. Tonight is … Love night!! Hope you get some as well.

;D ;D 8)

Ok the system’s been going for about an hour and no problems experienced. Thanks very much for assisting in resolving the problem.

I do have a few questions:

  1. Please can you confirm that of the 4 programs we ran only mbam was actually ‘installed’ on the system and that the other 3 are standalone pieces of s/w that are run on demand.

  2. Do I need to continue with mbam beyond the trial period?

  3. What does mbam do that avast doesn’t? I had run a full system scan via avast which did not pick up any of the stuff that mbam did.

Look forward to hearing from you.

Nexar

Oops spoke too soon. I tried to log into my web mail and got the following dialogue box:

Internal Error: ID “SmartbarImages” used multiple times!

Only option is to press OK.

When I press OK the message comes up again but with a check box underneath which says ‘Prevent this page from creating additional dialogues’.

Once I tick that no further dialogues appear. However I’m now wondering if it is suppressing any other dialogues which may be necessary as well.

I think Smartbar was one of the items that we had got rid of.

Any thoughts on what to do next?

I’ve been doing some further testing. The error only appears when I try to login to this one webmail provider. They use Open-Exchange Server software. Once I click the ‘prevent…etc’ it shows a small window saying Rebuild Tree…60% and then gets stuck there.

I have been able to login from another m/c to that webmail without problem so clearly it is a remnant of the infection on this m/c.

I’m happy to contact the webmail ISP but not sure what it is I’m going to ask them other than explaining the symptoms. Do you guys want me to ask any specific questions? I’ll hold off from contacting them until I’ve had some direction from you.

Thanks.

I was so sure that everything had been resolved. So near and yet a bit far!!

Nexar

Try this quick fix and then retry

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
IE - HKU\S-1-5-21-4243572757-462005793-91445984-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.16.0.1:8080


:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Thanks will let you know once all that’s done.

Hi

I tried running the OTL quick fix mentioned above. On the screen I have the OTL window showing a message at the bottom of the screen saying: ‘Killing processes: DO NOT INTERRUPT…’

All the desktop icons are still there. However the clock is frozen to around the time when the OTL process started. I can still move the cursor but apart from that it looks like the process has hung the machine. There is no disk activity. I haven’t tried to bring up the Task Manager using Ctrl+Alt+Del.

Is there any way of telling if the process is still running? If not what is my next step?

Thanks

Nexar

Abort it, and try running the fix from safe mode…

Possibly avast or Malwarebytes, if you installed it as the pro version, is protecting its process from being killed.